Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

U.S. retailer Target wasn't the only target of credit card thieves this past holiday season. Upscale retailer Neiman Marcus confirmed on Jan. 10 that it too was the victim of a data breach that saw customer credit card information stolen.

Neiman Marcus has not disclosed how many customer credit cards were stolen or how the breach occurred.

"The security of our customers' information is always a priority, and we sincerely regret any inconvenience," the official Neiman Marcus Twitter account stated on Jan. 11.

The retailer added in a follow-up tweet that it is taking steps to notify its customers whose credit cards were known be to be used fraudulently after purchasing goods at Neiman Marcus stores.

Further reading

In a statement sent to media outlets, including blogger Brian Krebs, who broke the story, Neiman Marcus gives some guidance as to when the breach occurred.

"On January 1st, the forensics firm discovered evidence that the company was the victim of a criminal cyber-security intrusion and that some customers' cards were possibly compromised as a result," Neiman Marcus stated. "We have begun to contain the intrusion and have taken significant steps to further enhance information security."

"While we can't definitively say what the source of the breach was, the percentage of extremely high value cards is significantly higher than we see on average," Ingevaldson said. "While it is hard to determine from a single black market, this would indicate these could come from a high end source, such as Neiman Marcus."

Neiman Marcus is the second major U.S. retailer to disclose a security incident during the 2013 holiday season. On Dec. 19, Target disclosed that it had been the victim of a credit card data breach. Initially, Target estimated that 40 million customers were impacted by the breach, but it increased the number to 70 million on Jan. 10.

According to a report published by Reuters on Jan. 12, Neiman Marcus and Target are not alone, as other retailers were also breached over the 2013 holiday season. The Reuters report claims that three or more attacks on other popular U.S. retail chains also occurred, although they have yet to be publicly disclosed. The report also claims that the methods used in the attacks were similar to those used against Target.

That method allegedly is a technique known as RAM scraping, an approach that enables an attacker to grab information from the memory on point-of-sale (PoS) devices.

Attacks against PoS devices and payment terminals are not a new phenomenon. Multiple approaches to infecting PoS devices and payment terminals have been publicly demonstrated over the years at the Black Hat USA security conference in Las Vegas. In a 2012 session titled "Pinpadpwn," a pair of security researchers publicly demonstrated multiple vulnerabilities in payment terminals that enabled them to gain unauthorized access and control of the device.

In the Target breach, the retailer has admitted that customer PIN numbers were also stolen. Target has emphasized, however, that its PIN information was strongly encrypted, making it more difficult for an attacker to make use of debit card data.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.